Re: latest trends in email spam



I demand that Moe Trin may or may not have written...

[snip]
> For example, mail you receive that your ISP's MTA says came from a host
> without a name (seen in the Received: header), or from a host whose name
> contains the letters 'dsl', 'client', 'dynamic', 'ppp' - these are most
> generally zombie hosts being abused by spammers.

That may be, but you DO NOT use this and this alone for rejecting mail.
Checking through a few mailing lists to which I subscribe, I see legitimate
examples of some of the above. Checking what is claimed to have received the
message and the chain consistency is also important.

> Look at the HELO or EHLO name that the host claimed to be when it connected
> (also in the Received: header) - does it fit?

Could be spam, could be clueless user, could be competent user who simply
hasn't considered how his machine announces itself as an SMTP client...

> I reject ALL mail that is in HTML,

Fair enough - usually. HTML as attachment rather than as primary content
comes to mind, though I'd expect that to be rare.

> or has that string 'http://' anywhere in the body.

I see a lot of legitimate mail which has that.

[snip]
> I finally managed to convince one to use PC-Pine instead of Lookout (which
> was running in duplicate Text/HTML mode) when she discovered that her
> outgoing mail ran _much_ faster on her dialup connection. Wonder why.

:-)

--
| Darren Salt | linux or ds at | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Output less CO2 => avoid massive flooding. TIME IS RUNNING OUT *FAST*.

A hermit is a deserter from the army of humanity.
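
Added example, not part of the original post: a sketch of the Received:-header checks discussed in this thread (missing reverse DNS, dynamic-looking host names, HELO fit), combined as a score so that no single signal rejects a message on its own. The Postfix-style header layout, the weights, the threshold and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumed Postfix-style layout: "from <HELO> (<rDNS> [<IP>]) by ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")
# Substrings named in the thread as typical of dynamic address pools.
DYNAMIC_TOKENS = ("dsl", "client", "dynamic", "ppp")
REJECT_THRESHOLD = 3  # assumption: higher than any single signal's weight


def same_domain(a, b):
    # Crude: compares the last two labels only (an assumption; it ignores
    # multi-label public suffixes such as co.uk).
    return a.split(".")[-2:] == b.split(".")[-2:]


def score_received(header):
    """Score the hop recorded by your own MTA; earlier hops can be forged."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold folded lines
    if not m:
        return 0, ["unparseable Received: header, no opinion"]
    helo, rdns = m["helo"].lower().rstrip("."), m["rdns"].lower().rstrip(".")
    score, reasons = 0, []
    if rdns == "unknown":
        score += 2
        reasons.append("connecting host has no reverse DNS name")
    else:
        hits = [t for t in DYNAMIC_TOKENS if t in rdns]
        if hits:
            score += 2
            reasons.append("rDNS looks like a dynamic pool: " + ",".join(hits))
    if helo.startswith("[") or "." not in helo:
        score += 1
        reasons.append("HELO is not a fully qualified name")
    elif rdns != "unknown" and not same_domain(helo, rdns):
        score += 1
        reasons.append("HELO name does not fit the rDNS name")
    return score, reasons


def verdict(header):
    score, _ = score_received(header)
    return "reject" if score >= REJECT_THRESHOLD else "accept"


# Constructed sample headers (documentation names and addresses).
LIST_HOST = ("from lists.example.org (host-dsl-17.example.org [192.0.2.44])\n"
             "\tby mx.example.net with ESMTP")
ZOMBIE = "from localhost (ppp-9.dynamic.example.com [203.0.113.9]) by mx.example.net"
```

The constructed list host has 'dsl' in its name but is accepted, because its HELO fits; the second sample is rejected only because two signals agree.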